CVE-2004-0580

Linksys BEFSR11 BEFSR41 BEFSR81 BEFSRU31 - Information Disclosure via DHCP BOOTP Reply Buffer

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0580. PoCs published by Jon Hart.

AI-analyzed exploit summary This exploit targets a DHCP server vulnerability in Linksys devices, allowing memory disclosure and potential DoS by sending malformed BOOTP packets. It uses libnet and libpcap to craft and capture packets, revealing sensitive information like admin credentials.

Description

DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Hart · cremotehardware

https://www.exploit-db.com/exploits/24115

View Code ZIP pw:eip

This exploit targets a DHCP server vulnerability in Linksys devices, allowing memory disclosure and potential DoS by sending malformed BOOTP packets. It uses libnet and libpcap to craft and capture packets, revealing sensitive information like admin credentials.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linksys DHCP server (multiple models including BEFSR41, BEFW11S4, etc.)

No auth needed

Prerequisites: Network access to the vulnerable Linksys device · libnet and libpcap libraries

MITRE ATT&CK